Change log for TRENDMICRO_APEX_CENTRAL
Date | Changes |
---|---|
2024-12-04 | Enhancement:
- When "cn2Label" is "Second_Action" and "cn2" is "1" then mapped "var_cn2_label.value" to "N/A".
- When "cn2Label" is "Second_Action" and "cn2" is "0" then mapped "var_cn2_label.value" to "Unknown".
- When "cn2Label" is "Second_Action" and "cn2" is "2" then mapped "var_cn2_label.value" to "Clean".
- When "cn2Label" is "Second_Action" and "cn2" is "3" then mapped "var_cn2_label.value" to "Delete".
- When "cn2Label" is "Second_Action" and "cn2" is "4" then mapped "var_cn2_label.value" to "Move".
- When "cn2Label" is "Second_Action" and "cn2" is "5" then mapped "var_cn2_label.value" to "Rename".
- When "cn2Label" is "Second_Action" and "cn2" is "6" then mapped "var_cn2_label.value" to "Pass/Log".
- When "cn2Label" is "Second_Action" and "cn2" is "7" then mapped "var_cn2_label.value" to "Strip".
- When "cn2Label" is "Second_Action" and "cn2" is "8" then mapped "var_cn2_label.value" to "Drop".
- When "cn2Label" is "Second_Action" and "cn2" is "9" then mapped "var_cn2_label.value" to "Quarantine". |
2024-09-23 | - Changed the `fileHash` field to lowercase.
- Mapped "dntdom" to "target.administrative_domain".
- Mapped "event_name" to "security_result.threat_name".
- Mapped "dhost" to "principal.hostname".
- Mapped "filePath" to "target.file.full_path".
- Mapped "duser" to "target.user.userid".
- Mapped "cs3" to "metadata.product_version".
- Mapped "cs6" to "additional.fields".
- Mapped "product_version" to "additional.fields".
- Mapped "cat" to "additional.fields".
- Mapped "msg" to "additional.fields".
- Mapped "TMCMLogDetectedIP" to "additional.fields".
- Mapped "dvchost" to "additional.fields".
- Mapped "cnt" to "security_result.verdict_info.malicious_count".
- Mapped "cs4" to "security_result.category_details". |
2024-08-12 | - When "dvchost" is available, then mapped "metadata.event_type" to "STATUS_UPDATE". |
2024-04-24 | - Added support for new event type "Endpoint Application Control". |
2024-04-03 | - Added new attributes and support for a customer-specific new log format (CEF). |